Capgemini announces its Binding Corporate Rules certification; a global data privacy compliance program covering both its clients’ and its own personal data

| Press release
Paris - Capgemini, one of the world's foremost providers of consulting, technology and outsourcing services, today announced it has received approval by the CNIL, the French Data Protection Authority, of its Binding Corporate Rules (BCRs) as data controller and processor. With this dual certification, covering both its own personal data and the personal data of its clients, Capgemini joins the very few companies that have decided to implement the highest market standards for the protection of personal data.

This approval covers all Capgemini Group entities processing personal data and all Capgemini activities and business lines that involve the processing of its clients’ personal data. Built as an internal global data privacy compliance program which is fully integrated into the Group’s Cybersecurity and Information Protection program, the BCRs are intended to ensure that personal data is granted a uniform level of protection and security wherever it travels within the Group.

BCRs will also give the means to Capgemini, as well as its clients, to process and transfer personal data in full compliance with the upcoming EU General Data Protection Regulation1 that is due to impose enhanced obligations on companies and public entities when processing personal data.

"BCRs are a key business differentiator for Capgemini as we are now one of the very few global players in our industry to have BCRs approved both as data controller and data processor. By putting in place the appropriate policies, security measures, awareness campaigns and audit programs, Capgemini is offering its clients the highest standards currently available in the market," said Paul Hermelin, Chairman and CEO of the Capgemini Group. "Capgemini is committed to providing its clients, partners and employees with a trustworthy and seamless environment."

BCRs form a global privacy compliance program approved by one data protection authority acting on behalf of the 28 Data Protection Authorities of the European Union. They enable multinational companies to transfer personal data seamlessly within their group companies and in particular to those located outside of the EU. In order to receive approval, companies must provide evidence, to the satisfaction of the EU data protection authorities, that they have put in place the adequate organisation, procedures and means to ensure effective protection of personal data within the entire group.

- ENDS -